Identifying Factors Affecting Deleted File Persistence Through Empirical

Identifying Factors Affecting Deleted File Persistence Through Empirical

Identifying Factors Affecting Deleted File Persistence Through Empirical Study and Analysis A Dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy at George Mason University by Tahir Mehmood Khan Master of Science George Washington University, 2011 Bachelor of Science Saint Cloud State University, 2006 Director: James H. Jones, Jr, Associate Professor Department of Electrical & Computer Engineering Summer Semester 2017 George Mason University Fairfax, VA Copyright 2017 Tahir Mehmood Khan All Rights Reserved ii DEDICATION To my parents, family members, friends, and my professors who inspired me to complete this research. iii ACKNOWLEDGEMENTS I would like to thank my advisor and dissertation Chair, Dr. James Jones for his extraordinary support, mentorship, and expert guidance to complete this research. I also would like to thank my committee members: Dr. Duminda Wijesekera, Dr. Kathryn B. Laskey and Dr. Paulo Costa for their support and guidance throughout this project. My appreciation goes to my family, my parents and my wife for standing beside me to take this journey to the end. Last but not the least, special thanks goes to the members of the Krypton group and my colleagues at George Mason University and Gallaudet University who supported and guided me throughout this project. iv TABLE OF CONTENTS Page List of Tables ................................................................................................................... viii List of Figures ..................................................................................................................... x List of Abbreviations ........................................................................................................ xii Abstract ............................................................................................................................ xiii Chapter One: Introduction ................................................................................................ 15 Motivation ..................................................................................................................... 16 Research Question ......................................................................................................... 17 Contributions ................................................................................................................. 20 Chapter Two: Literature Review ...................................................................................... 21 Chapter Three: Methodology ............................................................................................ 27 Experimental Design ..................................................................................................... 27 Tracking Deleted Files .................................................................................................. 30 User Defined Parameters for Adiff.py Script ................................................................ 39 User Defined Parameters for Trace_file.py Script ........................................................ 40 Factors that Influence Persistence of Deleted Files ...................................................... 41 Disk and System Parameters ..................................................................................... 42 Deleted Files Parameters ........................................................................................... 44 User Activity Profiles ................................................................................................ 47 Deleted Files .................................................................................................................. 57 Deleted Files Categories ............................................................................................ 58 Deleted Files in 0-5 MB Group ................................................................................. 60 Percentage of File Contents Completely Overwritten ............................................... 61 Percentage of File Contents Partially Overwritten .................................................... 62 Percentage of File Contents Completely Survived .................................................... 63 Distribution of New Files .............................................................................................. 65 Shutdown User Activity ............................................................................................ 65 v Reboot-three-times User Activity .............................................................................. 67 Reboot User Activity ................................................................................................. 68 Web User Activity ..................................................................................................... 69 One-hour-reboot User Activity .................................................................................. 71 Reboot-one-hour User Activity ................................................................................. 72 3-GB User Activity .................................................................................................... 74 Experiment-data Activity .......................................................................................... 75 Mix-data Activity ...................................................................................................... 77 File Creation and Deletion Process and Virtual Machine Configuration Settings ........ 79 File Creation Process ..................................................................................................... 79 Application Uninstalled List ......................................................................................... 80 Virtual Machine Configuration Settings ....................................................................... 81 PassMark Fragger Utility and Disk Fragmentation Status ............................................ 82 Virtual Machine Suspend Procedure ............................................................................. 85 Virtual Machine Files Disk Components ...................................................................... 85 Raw Disk Image Conversion Process ........................................................................... 88 Chapter Four: Results and Analysis .................................................................................. 89 Effect of User Activities on Deleted Files .................................................................... 89 User Activities and User Actions .................................................................................. 91 Percentage of File Contents Completely Overwritten ............................................... 93 Percentage of File Contents Partially Overwritten .................................................... 96 Percentage of File Contents Completely Survived .................................................... 99 User Activities and Deleted File Size ......................................................................... 103 Fragmented and Non-Fragmented Files ...................................................................... 107 Disk Free Bytes ........................................................................................................... 110 Disk Fragmentation ..................................................................................................... 112 Disk Free Bytes and Disk Fragmentation ................................................................... 115 User and System Generated Files................................................................................ 120 File Path....................................................................................................................... 123 Chapter Five: Conclusions .............................................................................................. 126 Research Findings ....................................................................................................... 126 Primary Contributions ................................................................................................. 129 vi Secondary Contributions ............................................................................................. 130 Implications of the Research ....................................................................................... 130 Future Directions ......................................................................................................... 131 APPENDIX I SYSTEM CONFIGURATION SETTINGS ........................................... 132 APPENDIX II ................................................................................................................. 136 APPENDIX III ................................................................................................................ 138 References ....................................................................................................................... 200 vii LIST OF TABLES Table Page Table 1 Disk and system parameter names and types ....................................................... 18 Table 2 Deleted file parameter names .............................................................................. 18 Table 3 User activity profile parameter names ................................................................. 18 Table 4 Disk parameter adjustments ................................................................................

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    204 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us